CD Projekt Red game source code is already leaking
Just a day after the official statement from CD Projekt Red the first data stolen through double extortion ransomware tactic is already being distributed on hacking forums.
Yesterday the developer and publisher of Witcher, Gwent and Cyberpunk franchises has confirmed it was a victim of a breach that might have enabled access to certain non-public data. In a series of tweets, the company claims that employees’ private data should be safe, however, the same thing couldn’t be said about game source codes.
The first data has already been published on Mega.nz (and quickly taken down), but the contents have quickly spread on hacking forums and 4Chan. A website called CyberNews has already downloaded the files and they were able to verify that the data indeed contains the source code for Gwent, a card-playing game released by CD Projekt Red.
All files have a modification date of February 5th, which might be the date when the breach had happened. The hackers have given CDPR 48 hours to pay the ransom, otherwise, the data would begin to leak. This indicates that the breach happened over the weekend and the time given to the developer has already expired. The developer has already confirmed it will not give in to the demands of the actor.
The readme file that was attached to the leaked source code reads that tomorrow there will be a next [data] release.
On hacking forums data containing source codes for Thronebraker, Witcher 3, Witcher 3 RTX and Cyberpunk 2077 is already being offered on auction. The hackers demand 0.1 BTC as a deposit (currently valued at 4500 USD).
The ransomware attack happened at a very troubling time for CD Projekt Red. In December the studio released its first-person shooter Cyberpunk 2077 which has been criticized for numerous bugs and lack of optimization on older consoles. The co-founder of CD Projekt has made a public apology last month and promised patches that will fix the bugs.